\chapter{Introduction}
\label{cha:introduction}

\section{Motivation of the thesis}
\label{sec:motivationof the thesis}

In recent years there has been a significant increase in the amount of personal
information exchanged online. From shopping on the Internet to legal procedures,
this kind of operation is a double-edged sword. On the one hand it provides a
quicker and easier way to accomplish tedious tasks; on the other hand, it can
expose important personal data.

All these services require the user to be identified, whether to check a
client's solvency when buying a product or simply to verify that a citizen is
old enough to sign a document. However, identification often reveals more
information than the service actually needs. Banks can track where their
clients' money is spent, different enterprises can pool their data to build
user profiles, and the information can simply fall into the hands of people
with malicious goals.

In this thesis we focus on a particular type of transaction, the electronic
petition. We will also see how the above-mentioned problems affect electronic
petitions and which solutions have been proposed. Electronic petitions are
formal requests or suggestions that citizens send to various institutions
through servers deployed for this purpose. They are a relatively recent
phenomenon that has flourished partly thanks to technological advances and
partly thanks to recent guidelines of European countries on their use in
parliament.

From the outset, these petitions have been signed from laptops or desktops. In
addition, the authentication methods in use are still not very sophisticated:
sometimes the entry of a simple PIN code, sometimes a check of the source IP
address. Neither binds the signature to a verifiable identity: a PIN can be
shared or guessed and a source address can be shared or spoofed, and nothing
makes the signature unforgeable. This lack of reliable cryptographic methods has
hurt the validity of electronic petitions within a legal framework and,
consequently, has halted their use and the democratic impact they could have.

That is why this thesis aims to give impetus to this innovative idea. On the one
hand we want e-petition systems to be usable from more than laptops or
desktops. In recent years a new platform, the smart phone, has emerged strongly
in the market, and a multitude of software applications have been adapted to
the operating systems of these new devices. It is therefore logical to expect
that e-petitions will have much more impact if they are also available on smart
phones.

On the other hand, secure cryptographic processors are more widely available
today. We can use them as an electronic identity, since they can hold all the
personal information needed to sign a petition and keep its secret keys from
leaving the chip. Throughout this thesis we will refer to the smart card as the
secure element.

\begin{figure}[h!]
\begin{centering}
\includegraphics[width=0.6\textwidth]{1-int-esquema.png}
\caption{E-petition system architecture and protocols, from ``Privacy preserving
electronic petitions'' \cite{0-abs:privacy_preserving_electronic_petitions}}
\label{fig:esquema}
\end{centering}
\end{figure}

Having a solid platform and a secure element at our disposal obviously does
not, by itself, solve the identity-disclosure issues mentioned above.

Fortunately, alternative authentication means can protect against such
information disclosure. Instead of revealing all of the user's information so
that each entity can decide whether the user is authorised, the user sends the
information once to a trusted third party, called the credential issuer. The
issuer's role is to check the required fields (age, nationality, solvency) and
then to issue the user a credential on these fields. The user then only needs
to show this credential to the petition server in order to accomplish the
demanded task. This way, the only information the petition server learns is
that the user is entitled to sign the requested petition, not the underlying
attributes or the user's identity.


The creation, issuance and showing of the credentials mentioned above are
conducted following the Direct Anonymous Attestation protocol (DAA protocol,
\cite{0-abs:daa_protocol}). DAA is a cryptographic protocol that enables the
remote authentication of a user, using a secure element as the identity
carrier, while preserving the user's privacy. More precisely, if the user talks
to the same petition server twice, the petition server is not able to tell
whether it is communicating with the same user as before or with a different
one; DAA does let the signer make two signatures linkable on purpose, by
including a common basename in both, which is what allows a server to reject
a second signature on the same petition without learning who signed. DAA
achieves its anonymity properties by relying heavily on non-interactive
zero-knowledge proofs. Intuitively, these proofs allow the secure element to
convince the petition server that it holds a valid credential without revealing
the secure element's secret identifier or anything that could be linked to a
later proof.
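The three-party flow described in the two paragraphs above (issuer, user's
secure element, petition server) and the zero-knowledge step it rests on are
illustrated by the following example, which is added here and is not code from
the original thesis or from any DAA implementation. It is deliberately not DAA:
the issuer's credential is an HMAC over the user's public value $y = g^f$
rather than a Camenisch-Lysyanskaya signature, so $y$ itself is shown and
sessions remain linkable, which DAA avoids. What it does demonstrate is the
proof of knowledge of the secret identifier $f$ behind $y$ (a Schnorr proof
made non-interactive with the Fiat-Shamir heuristic), bound to the petition
being signed so that a proof cannot be replayed on another petition. The group
size (128 bits), the issuer policy (adult Belgian citizen) and the key shared
between issuer and server are assumptions chosen for the example.

```python
"""Toy credential flow written for this chapter (not DAA): issuer checks the
attributes and attests y = g^f, the secure element proves knowledge of f in
zero knowledge, the petition server checks both without ever seeing f."""
import hashlib
import hmac
import secrets

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47)


def is_probable_prime(n, rounds=32):
    """Trial division followed by Miller-Rabin."""
    if n < 2:
        return False
    for sp in SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def make_group(bits=128):
    """Safe prime p = 2q + 1; g = 4 is a quadratic residue, so it has prime
    order q.  128 bits keeps the demo fast (assumed toy size); deployments
    use 2048 bits or more."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1, q, 4


P, Q, G = make_group()


def _enc(n):
    return n.to_bytes((n.bit_length() + 7) // 8, "big")


def _challenge(y, t, context):
    """Fiat-Shamir challenge over the statement (p, g, y), the commitment t
    and the petition identifier, so the proof is bound to one petition."""
    h = hashlib.sha256()
    for part in (_enc(P), _enc(G), _enc(y), _enc(t), context):
        h.update(len(part).to_bytes(2, "big") + part)
    return int.from_bytes(h.digest(), "big") % Q


class SecureElement:
    """Holds the secret identifier f; only y = g^f and proofs ever leave."""

    def __init__(self):
        self._f = secrets.randbelow(Q - 1) + 1
        self.y = pow(G, self._f, P)

    def prove(self, context):
        """Schnorr proof of knowledge of f, with fresh randomness per run."""
        r = secrets.randbelow(Q - 1) + 1
        t = pow(G, r, P)
        c = _challenge(self.y, t, context)
        return t, (r + c * self._f) % Q


def check_attributes(attrs):
    """Issuer policy assumed for the example: adult Belgian citizen."""
    return attrs.get("age", 0) >= 18 and attrs.get("nationality") == "BE"


class CredentialIssuer:
    def __init__(self, key):
        self._key = key  # assumed shared with the petition server

    def issue(self, y, attrs):
        """Check the required fields, then attest y (HMAC stands in for the
        issuer's signature).  Returns None when the policy is not met."""
        if not check_attributes(attrs):
            return None
        return hmac.new(self._key, _enc(y), "sha256").digest()


class PetitionServer:
    def __init__(self, key):
        self._key = key

    def verify(self, y, cred, t, s, context):
        """Learns only that y was attested and that the prover knows its f."""
        expected = hmac.new(self._key, _enc(y), "sha256").digest()
        if not hmac.compare_digest(cred, expected):
            return False
        c = _challenge(y, t, context)
        return pow(G, s, P) == (t * pow(y, c, P)) % P
```

The verifier's check $g^s = t \cdot y^c$ holds exactly when $s = r + c f
\pmod q$, which the prover can only compute by knowing $f$; a tampered $s$,
a credential from another issuer key, or the same $(t, s)$ presented for a
different petition identifier all fail. Replacing the HMAC by a signature
whose possession is itself proved in zero knowledge is the step that turns
this into an anonymous credential scheme such as DAA.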

\section{Goals of the thesis}

The objective of this thesis is the design of an anonymous electronic petition
system adapted to the characteristics of the smart phone and exploiting the
security advantages offered by smart cards. We also intend to offer users a
simple and safe service, with a friendly environment, that facilitates the
signing of petitions from their smart phone.

\section{Structure of the thesis}

In this thesis, before explaining the implementation of the anonymous
e-petitioning service, the background needed to understand it is presented:
smart cards, the Android environment, e-petitions and the DAA protocol.



%%% Local Variables:
%%% mode: latex
%%% TeX-master: "eindwerk_template"
%%% End:
